VPN Remote Access
The other main use for VPNs is for remote users to access the network. As noted earlier, the 336G offers two secure tunneling options: IPSec and SSL. But note that NETGEAR includes just one license for its SafeNet SoftRemote 10.8.0 (Build 20) IPsec client. Note that this version has been updated to work with Microsoft Vista.
Although the software is updated, the best way to configure and use the IPSec Client software hasn't changed significantly from our instructions with the NETGEAR FVS124G. Setting up IPSec software between a router and a PC is a detailed process, requiring precise configuration of IDs, Authentication, and Key Exchange on both the router and client.
Figure 5 is a screenshot of just one piece of the Client software configurations. I used NETGEAR’s instructions, located here, for configuring the FVS336G and the VPN Client software.
Figure 5: VPN client configuration
Having tested multiple vendors' IPsec clients, I haven't used one yet that I'd call a no-brainer, and NETGEAR’s is no exception. I found configuring IPSec Client connections challenging on the FVS124G, FVX538, and FVS336G.
With only one IPSec VPN license included with the FVS336G, NETGEAR seems to guiding customers to use the SSL VPN option to secure remote access users. In my opinion, this is a good thing.
SSL VPN connectivity is easier and cleaner, with fewer options to configure and no application to manually install and configure on the laptop. Like the Linksys RVL200 [reviewed], NETGEAR’s SSL VPN technology simplifies VPN connections for both network administrators and end users.
Enabling SSL VPN access on the NETGEAR FVS336G is a matter of defining users, selecting a few simple options, instructing end users on the loading of the web applet, and then optimizing security options. Adding a user is simple, as seen in Figure 6.
Figure 6: Adding an SSL user
A nice addition to SSL VPN security from NETGEAR is the ability to customize the web page presented to SSL VPN end users when they access the network remotely. As you can see in Figure 7, I've customized the login pages with the lines on top of the web page that say "SmallNet Secure Network" and the warning "Authorized personnel only, please."
Further customization is available, allowing a network administrator the option of providing additional information or instructions to end users.